How to whitelist ebay but not ebay spoofs?

Vernon Schryver vjs@calcite.rhyolite.com
Wed Dec 15 23:51:08 UTC 2004


> From: George Schlossnagle <george@omniti.com>

> >> Combine it with eBay's new spf or sender-id record.
> >
> > That might work, if you can set the ${dcc_notspam} macro in whatever
> > sendmail.cf rules you use to check SPF or Sender-ID records.
>
> Well, SPF records don't guarantee no spam, just that the envelope 
> domain is accurate[1].  So ${dcc_envelope_is_truthful} would be more 
> accurate.  You shouldn't blanket whitelist SPF-passes, just means you 
> can reliably check them against domain based whitelist/blacklists.

That's a good point.  Somehow I was thinking of setting ${dcc_notspam}
only for the SPF records of a few, selected major phishing targets.  

Note that:

  - The ${dcc_notspam} macro is an existing mechanism available for
     sendmail.cf macros that need to tell dccm to whitelist a message
     for the DCC.  See the `misc/hackmc -T` script in the DCC source
     or the effects of -T in
     http://www.dcc-servers.net/dcc/dcc-tree/misc/hackmc

  - ${dcc_envelope_is_truthful} would not be quite right or not quite
     as useful as it might sound.  In the unlikely event that not
     merely publishing SPF RRs but checking them became popular,
     phishers would buy ebey.com and publish SPF records for it.
     Notice the NANAS reports of ebey.com phishing spam in
     http://groups.google.com/groups?q=ebey.com+group:*.sightings

  - Saying that I don't think much of SPF grossly overstates my
     enthusiasm.  I'll leave to your imagination what I really think
     of using SPF for any purpose other than the one implied by the
     reports that valid SPF RRs are commonly seen for spam.


Vernon Schryver    vjs@rhyolite.com


> [1]  Modulo all the problems with SPF and forwarders.

I assumed, perhaps incorrectly, that little legitimate eBay mail would
be forwarded.
I've written too much elsewhere on SPF's version of SMTP source routing.
It appears to have been invented by someone who knew nothing about the
existence of the original, not to mention the original's good and bad
points or the decades-old, industry-wide as well as official IETF
consensus that the bad easily outweighed the good.
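The distinction drawn in this message, as an added example that is not part of the original post and is not DCC or sendmail code: an SPF pass only shows the envelope domain is truthful, so whitelisting is limited to exact matches against a few selected targets, and a passing lookalike such as ebey.com is never whitelisted. The function names, result labels, the one-edit lookalike test and the sample addresses are assumptions constructed for illustration.

```python
# Added illustration; every name here is hypothetical, not a DCC or sendmail identifier.
SELECTED_TARGETS = {"ebay.com"}  # assumption: the few hand-picked phishing targets


def envelope_domain(mail_from: str) -> str:
    """Return the lower-cased domain of an envelope sender such as <a@B.com>."""
    addr = mail_from.strip().strip("<>")
    _, _, domain = addr.rpartition("@")
    return domain.rstrip(".").lower()


def within_one_edit(a: str, b: str) -> bool:
    """True if a and b differ by at most one substitution, insertion or deletion."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip the differing character: in both strings for a substitution,
    # only in the longer string b for an insertion.
    return a[i + (len(a) == len(b)):] == b[i + 1:]


def decide(mail_from: str, spf_result: str) -> str:
    """Map an envelope sender and an SPF result to a whitelisting decision."""
    domain = envelope_domain(mail_from)
    if spf_result.lower() != "pass":
        return "no-claim"         # envelope may be forged; run all normal checks
    if domain in SELECTED_TARGETS:
        return "set-dcc_notspam"  # exact match only, never suffix or substring
    if any(within_one_edit(domain, t) for t in SELECTED_TARGETS):
        return "lookalike"        # truthful envelope for a spoof domain
    return "truthful-only"        # check domain against white/blacklists as usual


SAMPLES = [  # constructed envelope senders and SPF results
    ("<aw-confirm@ebay.com>", "pass"),
    ("<aw-confirm@ebey.com>", "pass"),
    ("<aw-confirm@ebay.com>", "fail"),
    ("<news@ebay.com.example.net>", "pass"),
]

if __name__ == "__main__":
    for sender, result in SAMPLES:
        print(f"{sender:32} spf={result:5} -> {decide(sender, result)}")
```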


